diff --git a/docs/configure/reference.md b/docs/configure/reference.md
index 0e3130d..ba15f4c 100644
--- a/docs/configure/reference.md
+++ b/docs/configure/reference.md
@@ -1,18 +1,18 @@
-The primary configuration file for RockNSM is found at `/etc/rocknsm/config.yml`.
+The primary configuration file for RockNSM is found at `/etc/rocknsm/config.yml`.
This file defines key information that drives the Ansible deployment playbook
like network interface setup, cpu cores assignment, and much more. There are a
-lot of options to tune here so take time to familiarize.
+lot of options to tune here so take time to familiarize.
-> A template of this file in it's entirety can be found [[here on github]](https://github.com/rocknsm/rock/blob/master/playbooks/templates/rock_config.yml.j2), but for greater clarity let's break it down into it's major sections:
+> A template of this file in it's entirety can be found [[here on github]](https://github.com/rocknsm/rock/blob/master/playbooks/templates/rock_config.yml.j2), but for greater clarity let's break it down into it's major sections:
### Network Interface
As mentioned previously, ROCK takes the interface with an ip address / gateway and will use that as the _management_ NIC. `config.yml` displays the remaining interfaces that will be used to **MONITOR** traffic.
-Let's run through a basic example:
+Let's run through a basic example:
```
[admin@rock ~]$ ip a
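Review bot: The re-added blockquote line still has "it's entirety" and "it's major sections"; both should be the possessive "its". Since this patch is a wording cleanup and already touches that line, fix them here. The link text `[[here on github]]` also carries doubled brackets that will render literally; `[here on GitHub]` is likely what was intended.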
@@ -25,8 +25,8 @@ Let's run through a basic example:
link/ether ...
```
-The demo box above has 2 NICs:
-1. `enp0s3` - is plugged in for install and deployment with an ip address from local dhcp. This will be used to **manage** the sensor
+The demo box above has 2 NICs:
+1. `enp0s3` - is plugged in for install and deployment with an ip address from local dhcp. This will be used to **manage** the sensor
2. `enp0s4` - will be unused (not connected) during install and deployment and be listed as a `rock_monif` in the config file
The config file shows the other interface (`enp0s3`) is listed as MONITOR interface.
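Review bot: The unchanged sentence right after the list contradicts it: item 1 says `enp0s3` is used to manage the sensor and item 2 says `enp0s4` is the one listed as a `rock_monif`, yet the closing line names `enp0s3` as the MONITOR interface. While this list is being edited, change that line to refer to `enp0s4`, so a reader does not put the management NIC into the monitor list.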
@@ -61,7 +61,7 @@ es_mem: 5
### Installation Source
We've taken into consideration that your sensor won't always have internet
-access. Currently the default value is set to `rock_online_install: True`:
+access. Currently the default value is set to `rock_online_install: True`:
```yml
# The primary installation variable defines the ROCK installation method:
@@ -74,9 +74,9 @@ access. Currently the default value is set to `rock_online_install: True`:
```
#### Online
-Does your sensor has access to [upstream](https://imgs.xkcd.com/comics/the_cloud.png)
+Does your sensor have access to [upstream](https://imgs.xkcd.com/comics/the_cloud.png)
online repositories? If so, then make sure that this value is set to
-`rock_online_install: True`.
+`rock_online_install: True`.
#### Offline
@@ -84,11 +84,11 @@ If you are in an offline environment, then set it to `rock_online_install: False
Ansible will deploy using the locally cached files found in `/srv/rocknsm`.
-> Note: In our next release the default behavior will be changed to an offline
+> Note: In our next release, the default behavior will be changed to an offline
install (reference [Issue #376](https://github.com/rocknsm/rock/issues/376))
### Data Retention
-This section controls how long NSM data stay on the sensor:
+This section controls how long NSM data stays on the sensor:
```yml
# Set the interval in which Elasticsearch indexes are closed:
elastic_close_interval: 15
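Review bot: The note "In our next release, the default behavior will be changed to an offline install" is a relative time reference that goes stale as soon as that release ships. Name the release the change is planned for, or reword it to point only at Issue #376 for status, so the page does not contradict the stated default of `rock_online_install: True` later.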
@@ -113,7 +113,7 @@ fsf_retention: 3
```
### Component Options
-This is a critical section that provides boolean options to choose what components of ROCK are **_installed_** and **_enabled_** during deployment.
+This is a critical section that provides boolean options to choose what components of ROCK are **_installed_** and **_enabled_** during deployment.
```yml
rock_services:
@@ -173,4 +173,4 @@ rock_services:
enabled: True
```
-A good example for changing this section would involve [Stenographer](../services/stenographer.md). Collecting raw PCAP is resource and _**storage intensive**_. You're machine may not be able to handle that and if you just wanted to focus on network logs, then you would set both options in the config file to **disable** installing and enabling Stenographer.
\ No newline at end of file
+A good example for changing this section would involve [Stenographer](../services/stenographer.md). Collecting raw PCAP is resource and _**storage intensive**_. Your machine may not be able to handle that, and if you just wanted to focus on network logs, then you would set both options in the config file to **disable** installing and enabling Stenographer.
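Review bot: In the rewritten Stenographer sentence, "resource and _**storage intensive**_" is left unhyphenated, while the requirements.md change in this same patch writes "resource-intensive". Use "resource- and storage-intensive" for consistency. The sentence would also be easier to act on if "both options" named the two settings in the Stenographer block of `rock_services` instead of leaving the reader to infer them.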
diff --git a/docs/install/media.md b/docs/install/media.md
index ab17f66..f7f8b37 100644
--- a/docs/install/media.md
+++ b/docs/install/media.md
@@ -1,10 +1,10 @@
# Install Media
-If there’s one thing that should be carried away from the installation section, it's this:
+If there’s one thing that should be carried away from the installation section, it's this:
RockNSM has been designed to be used as a security distribution, not a package or a suite of tools. It’s built from the ground up and the ONLY SUPPORTED INSTALL IS THE OFFICIAL ISO.
-Yes, one can clone the project and run the Ansible on some bespoke CentOS build, and you may have great success... but you've **voided the warranty**. Providing a clean product that makes supporting submitted issues is important to us. The ISO addresses most use cases.
+Yes, one can clone the project and run the Ansible components on some bespoke CentOS build, and you may have great success... but you've **voided the warranty**. Providing a clean product that makes supporting submitted issues is important to us. The ISO addresses most use cases.
## Download
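Review bot: On the changed "Ansible components" line, the following sentence is still incomplete: "Providing a clean product that makes supporting submitted issues is important to us." The clause "makes supporting submitted issues" has no complement. Something like "makes supporting submitted issues easier" would finish it, and it belongs in this patch because the line is already being rewritten.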
@@ -14,24 +14,24 @@ The lastest ROCK build is available at [download.rocknsm.io](https://download.ro
## Applying the ISO
-Now it's time to create a bootable USB drive with the fresh ROCK build. Let's look at few options.
+Now it's time to create a bootable USB drive with the fresh ROCK build. Let's look at few options.
### Linux
#### CLI
-If you live in the terminal, use `dd` to apply the image. These instructions are for using a RHEL based system. If you're in a different environment, google is your friend.
+If you live in the terminal, use `dd` to apply the image. These instructions are for using a RHEL based system. If you're in a different environment, google is your friend.
> **CAUTION** when using these commands by **ENSURING** you're writing to the correct disk / partition!
-1. once you've inserted a USB get the drive ID:
-`lsblk`
+1. once you've inserted a USB get the drive ID:
+`lsblk`
-2. unmount the target drive so you can write to it:
-`umount /dev/disk#`
+2. unmount the target drive so you can write to it:
+`umount /dev/disk#`
-3. write the image to drive:
-`sudo dd bs=8M if=path/to/rockiso of=/dev/disk#`
+3. write the image to drive:
+`sudo dd bs=8M if=path/to/rockiso of=/dev/disk#`
#### GUI
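Review bot: The removed and added lines for steps 1 to 3 read identically, so this appears to be a trailing-whitespace change. If the old lines ended in two spaces, those were Markdown hard breaks, and removing them will pull each command (`lsblk`, `umount ...`, `sudo dd ...`) up onto the same rendered line as its step text. Please check the rendered output, or put each command in its own indented code block under the step. Separately, `/dev/disk#` is the macOS device naming; `lsblk` on Linux reports names such as `sdb`, so the placeholder in this section should match what the reader will see. "Let's look at few options" is also missing "a".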
@@ -51,14 +51,14 @@ For the terminal, we'll once again use `dd`, but with a few differences from the
> **CAUTION** when using these commands by **ENSURING** you're writing to the correct disk / partition!
-1. once you've inserted a USB get the drive ID:
-`diskutil list`
+1. once you've inserted a USB get the drive ID:
+`diskutil list`
-2. unmount the target drive so you can write to it:
-`diskutil unmount /dev/disk#`
+2. unmount the target drive so you can write to it:
+`diskutil unmount /dev/disk#`
-3. write the image to drive:
-`sudo dd bs=8m if=path/to/rockiso of=/dev/disk#`
+3. write the image to drive:
+`sudo dd bs=8m if=path/to/rockiso of=/dev/disk#`
#### GUI
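Review bot: Step 2 uses `diskutil unmount /dev/disk#`, which unmounts a single volume, while step 3 writes to the whole disk with `dd`. For a whole-disk target the command is `diskutil unmountDisk /dev/disk#`; otherwise other volumes on the stick can stay mounted and `dd` fails with a busy device. As with the Linux steps, the before and after lines look identical here, so confirm that dropping trailing spaces does not merge each command into its step line when rendered.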
diff --git a/docs/install/requirements.md b/docs/install/requirements.md
index 7b0842d..9eb2cc6 100644
--- a/docs/install/requirements.md
+++ b/docs/install/requirements.md
@@ -1,20 +1,20 @@
# Requirements
-Installation of ROCK can be broken down into three main steps:
+Installation of ROCK can be broken down into three main steps:
1. Install
1. Configure
1. Deploy
-Before that, let's cover what you're going to need before starting.
+Before that, let's cover what you're going to need before starting.
## Sensor Hardware
-The analysis of live network data is a resource intensive task, so the higher
-the IOPS the better. Here's the bottom line:
+The analysis of live network data is a resource-intensive task, so the higher
+the IOPS, the better. Here's the bottom line:
-> **If you throw hardware at ROCK it will use it, and use it well.**
+> **If you throw hardware at ROCK, it will use it, and use it well.**
### Minimum Specs
@@ -40,7 +40,7 @@ the IOPS the better. Here's the bottom line:
ROCK is first and foremost a _**passive**_ network sensor and is designed with
the assumption that there may not be a network connection available during
install. There's some built-in flexibility with deploying ROCK, and this will
-be clarified more in then next sections.
+be clarified more in then next sections.
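Review bot: The re-added line still reads "be clarified more in then next sections."; "then" should be "the". The only visible change to this line is whitespace, so the typo survives the cleanup.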
diff --git a/docs/reference/changelog.md b/docs/reference/changelog.md
index 30c7c7a..ba521e4 100644
--- a/docs/reference/changelog.md
+++ b/docs/reference/changelog.md
@@ -2,25 +2,25 @@
## 2.5 -- 2020-02-21
-- New: ROCK has move to the ECS standard
-- New: Out of the box support for XFS Disk Quotas
-- New: Updated ROCK Dashboards
-- Fix: Various visualization issues in ROCK dashboard
-- Fix: (x509) Certificate issues resolved
+- New: ROCK has moved to the ECS standard
+- New: Out of the box support for XFS Disk Quotas
+- New: Updated ROCK Dashboards
+- Fix: Various visualization issues in ROCK dashboard
+- Fix: (x509) Certificate issues resolved
- Update: Elastic Stack components to version 7.6
-- Update: Zeek to version 3
-- Update: Zeek to version 5
+- Update: Zeek to version 3
+- Update: Zeek to version 5
## 2.4 -- 2019-04-02
-- New: Text User Interface (TUI) for initial host setup
-- New: ROCK manager utility
-- New: Automated Testing Infrastructure
-- Fixes: 95 closed issues
-- Upgrade: Elastic 6.6 -> 6.7.1
-- Upgrade: Suricata 4.1.1 -> 4.1.3
-- Upgrade: Zookeeper 3.4.11 -> 3.4.13
+- New: Text User Interface (TUI) for initial host setup
+- New: ROCK manager utility
+- New: Automated Testing Infrastructure
+- Fixes: 95 closed issues
+- Upgrade: Elastic 6.6 -> 6.7.1
+- Upgrade: Suricata 4.1.1 -> 4.1.3
+- Upgrade: Zookeeper 3.4.11 -> 3.4.13
## 2.3 -- 2019-02-25
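Review bot: The 2.5 entry ends up with two conflicting lines, "Update: Zeek to version 3" and "Update: Zeek to version 5", and this patch re-adds both unchanged. A single release can only ship one of them; keep the one that matches what 2.5 actually shipped and drop the other before merging.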
@@ -39,34 +39,34 @@
- Change: Move RockNSM install paths to filesystem hierarchy standard locations (#344)
-## 2.2 -- 2018-10-26
+## 2.2 -- 2018-10-26
-- Feature: rockctl command to quickly check or change services
-- Feature: Docket, a REST API and web UI to query multiple stenographer instances, now using TCP port 443
-- Optimization: Kibana is now running on TCP port 443
-- Feature: Added Suricata-Update to manage Suricata signatures
-- Feature: GPG signing of packages and repo metadata
-- Feature: Added functional tests using testinfra
-- Feature: Initial support of Elastic Common Schema
-- Feature: Elastic new Features
- - Canvas
- - Elastic Maps Service
-- Feature: Include full Elasticstack (with permission) including features formerly known as X-Pack:
- - Graph
- - Machine Learning
- - Reporting
- - Security
- - Monitoring
- - Alerting
- - Elasticsearch SQL
-- Optimization: Elastic dashboards, mappings, and Logstash config moved to module-like construct
-- Upgrade: CentOS is updated to 7.5 (1804)
-- Upgrade: Elastic Stack is updated to 6.4.2
-- Upgrade: Suricata is updated to 4.0.5
-- Upgrade: Bro is updated to 2.5.4
+- Feature: rockctl command to quickly check or change services
+- Feature: Docket, a REST API and web UI to query multiple stenographer instances, now using TCP port 443
+- Optimization: Kibana is now running on TCP port 443
+- Feature: Added Suricata-Update to manage Suricata signatures
+- Feature: GPG signing of packages and repo metadata
+- Feature: Added functional tests using testinfra
+- Feature: Initial support of Elastic Common Schema
+- Feature: Elastic new Features
+ - Canvas
+ - Elastic Maps Service
+- Feature: Include full Elasticstack (with permission) including features formerly known as X-Pack:
+ - Graph
+ - Machine Learning
+ - Reporting
+ - Security
+ - Monitoring
+ - Alerting
+ - Elasticsearch SQL
+- Optimization: Elastic dashboards, mappings, and Logstash config moved to module-like construct
+- Upgrade: CentOS is updated to 7.5 (1804)
+- Upgrade: Elastic Stack is updated to 6.4.2
+- Upgrade: Suricata is updated to 4.0.5
+- Upgrade: Bro is updated to 2.5.4
-## 2.1 -- 2018-08-23
+## 2.1 -- 2018-08-23
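Review bot: In the 2.2 list the product name is spelled two ways, "Include full Elasticstack" and "Elastic Stack is updated to 6.4.2"; pick "Elastic Stack" for both. "Feature: Elastic new Features" also reads oddly and could be "Feature: New Elastic features". Every line in this hunk is otherwise a whitespace-only change, so it would review more cleanly split into a separate commit from the wording fixes.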